NYT, Twitter and HuffPo Attacked by Syrian Electronic Army

A pro-Syrian government group appeared to attack more than 10 websites, including Twitter, the New York Times and HuffingtonPost.com, said security researchers citing digital evidence.

The attacks by the Syrian Electronic Army, a group of hackers that supports Syrian President Bashar al-Assad, come as the U.S. is considering action against Syria. In the past, the group has taken action against media organizations and websites it believes are sympathetic to Syrian rebels.

The websites, including the Huffington Post’s U.K. website, appeared to be compromised Tuesday by the group, said a security researcher who had seen digital evidence. HuffingtonPost confirmed the attack and said there was a “minimal disruption of service.”

The hackers, meantime, repeatedly claimed they had taken over Twitter’s Internet address, though they appeared to be unsuccessful.

The social media site never appeared to lose service. (The hackers used their own Twitter account to claim they had hacked the social-media website.)

But for a brief time Tuesday evening, twitter.com, one of the most trafficked U.S. websites, at least appeared to be owned by a group called SEA, also the hacking group’s acronym. The website appeared to be registered to sea@sea.sy, according to a security researcher with knowledge of the digital evidence.

“Hi @Twitter, look at your domain, its owned by #SEA : ),” said a post on a Twitter account believed to be run by the Syrian Electronic Army.

The SEA didn’t respond to a request for comment.

Multiple security researchers with firsthand knowledge of digital evidence said all of the websites hacked shared a common feature: They were registered through a company in Australia.

The firm, Melbourne IT, said the credentials of one of its resellers were used to access its systems. The hackers were then able to change the records for several websites, a company spokesman said.

The company then locked those records from future changes after the problem was resolved, the spokesman said.

Entries in Twitter website records were modified at the company through which Twitter registers its Web address, the San Francisco company said in a blog post late Tuesday. A person familiar with the situation said Twitter’s Web address provider is Melbourne IT.

Twitter’s blog post said the modified records affected one website used to display photos or other images on Twitter’s service. As a result, some Twitter users experienced problems accessing images on Twitter, according to the person familiar with the situation.

“No Twitter user information was affected by this incident,” the company said in its blog post.

Similar digital evidence showed the New York Times’s website had been hacked by the SEA, said Johannes Ullrich, a cybersecurity expert at the SANS Institute in Washington. Ullrich, who doesn’t work for the Times, found digital evidence that shows the newspaper’s website was redirecting to a different server. When Ullrich, who has tracked the hacker group in the past, checked which new server nytimes.com directs to, he received the message “Hacked by SEA. Connection closed by foreign host.”

The Syrian Electronic Army has targeted several media organizations in the past, including the Washington Post, Reuters and the Onion, a satirical newspaper. When the SEA hacked the Twitter account of the Associated Press earlier this year, it posted a false headline to the account that said the White House had been attacked. The hoax caused U.S. stock markets to briefly lose $200 billion in value.

A Times spokeswoman on Tuesday tweeted that, based on an initial assessment, the outage appeared to be the result of a “malicious external attack” that the company was working to address. It was unclear who was responsible for the attack, the spokeswoman said in an interview.

The website was down for several hours. As of Tuesday night, the Times was publishing on a different Web address.